Vulnerabilities > CVE-2024-6302 - Unspecified vulnerability in Conduit

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

conduit

NVD

Published: 2024-06-25

Updated: 2024-09-20

Summary

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.

Vulnerable Configurations

Part	Description	Count
Application	Conduit Conduit Conduit *	1

References

https://gitlab.com/famedly/conduit/-/releases/v0.7.0
https://conduit.rs/changelog/#v0-7-0-2024-04-25